fix(release): authenticate pin smoke polling

ggonzalez94 · ggonzalez94 · commit b689905e92a8 · 2026-03-15T19:39:54.000-04:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -11,6 +11,11 @@ Format:
 
 - None yet.
 
+## [v0.1.3] - 2026-03-15
+
+### Fixed
+- Release paid smoke now uses the bearer token issued by `POST /pins` when polling pin status, so CI validates the authenticated owner flow that production enforces.
+
 ## [v0.1.2] - 2026-03-15
 
 ### Fixed
@@ -43,7 +48,8 @@ Format:
 ### Docs
 - Added Railway deployment and Taiko x402 smoke runbooks covering volumes, backups, rollback, and go-live validation.
 
-[Unreleased]: https://github.com/taikoxyz/tack/compare/v0.1.2...HEAD
+[Unreleased]: https://github.com/taikoxyz/tack/compare/v0.1.3...HEAD
+[v0.1.3]: https://github.com/taikoxyz/tack/releases/tag/v0.1.3
 [v0.1.2]: https://github.com/taikoxyz/tack/releases/tag/v0.1.2
 [v0.1.1]: https://github.com/taikoxyz/tack/releases/tag/v0.1.1
 [v0.1.0]: https://github.com/taikoxyz/tack/releases/tag/v0.1.0
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "tack",
-  "version": "0.1.2",
+  "version": "0.1.3",
   "private": true,
   "description": "Pin to IPFS, pay with your wallet. No account needed.",
   "scripts": {
diff --git a/src/scripts/x402-smoke.ts b/src/scripts/x402-smoke.ts
@@ -7,6 +7,7 @@ import { toClientEvmSigner } from '@x402/evm';
 import { ExactEvmScheme } from '@x402/evm/exact/client';
 import { createPublicClient, defineChain, http, type Hex } from 'viem';
 import { privateKeyToAccount } from 'viem/accounts';
+import { WALLET_AUTH_TOKEN_RESPONSE_HEADER } from '../services/x402';
 
 interface SmokeConfig {
   apiBaseUrl: string;
@@ -296,10 +297,17 @@ async function run(): Promise<void> {
     throw new Error(`Paid pin response missing requestid: ${paidBodyText}`);
   }
 
+  const ownerToken = pinResult.response.headers.get(WALLET_AUTH_TOKEN_RESPONSE_HEADER);
+  if (!ownerToken) {
+    throw new Error(`Paid POST /pins response missing ${WALLET_AUTH_TOKEN_RESPONSE_HEADER} header`);
+  }
+
   const pinStatusResponse = await fetchWithTimeout(
     `${pinsUrl}/${pinResponse.requestid}`,
     {
-      headers: pinResult.paymentSignatureHeaders
+      headers: {
+        authorization: `Bearer ${ownerToken}`
+      }
     },
     config.requestTimeoutMs
   );

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "tack",`
`3`		`- "version": "0.1.2",`
	`3`	`+ "version": "0.1.3",`
`4`	`4`	`"private": true,`
`5`	`5`	`"description": "Pin to IPFS, pay with your wallet. No account needed.",`
`6`	`6`	`"scripts": {`